Also, one of the big benefits I find of SEP is that the firewall is a completely independent entity. You can literally block everything, including your OS, from connecting to the internet. You can set exactly which programs can connect, where they connect to, what ports they use, even what time of day. It's the ultimate "Whitelist" approach. Yes, it does take some configuring, but controlling your setup how you want always requires some configuring. You have absolute and complete control over your internet connection and what gets to talk through it, along with how, who, and when. Your OS can't spy on you when it can't connect to anything to send the data. With the granular controls you can still allow it to talk to the update server when you want to, but you can still block it from sending out your telemetric data, so you get the best of both worlds. Same with malware or spyware. Let's say you install something that manages to get past both the definitions and the heuristic analysis engine (think of it as a low-powered AI that looks for behaviors from your files that act like malware or spyware that hasn't been seen before) running in SEP: if it can't connect out of your system, how can it be harmful? It can't exfiltrate your data, it can't import commands from anywhere else, and it can't act as a backdoor for someone to infiltrate your system from abroad.
I've been running SEP in whitelist mode for more than a decade and never had anything communicate unless I let it, never had anything harmful installed, and never had any identity breach or password exfiltration. This may not seem impressive, but for professional reasons I need to visit and keep tabs on some very shady places and install/run software from such, etc... Places where you would only feel safe using a completely locked down VM, over TOR, on a single-purpose machine, fully locked down, over a VPN, running SEP as my very last backstop.
If you have any doubt about it, install this on a machine, set it to full whitelist mode, and then use a MITM (man-in-the-middle) machine to monitor the internet traffic to and from the machine; you will be able to verify for yourself that nothing gets in or out without your permission.
Of course, make sure to keep in mind that since it runs in your OS, it is strictly limited to the OS and above, nothing below. That is the only limitation of all OS-installable software. So Intel vPro, Dell DRAC, etc., anything run through Baseboard Management (typically called a BMC), operates below the OS. Software that is within the OS obviously can't do anything about stuff that runs with an even higher level of privilege below it (this may seem like a strange turn of phrase, but in the IT world, the higher your privilege, the lower level your access, closer to what is typically called the "metal"). This also means that the software has no ability to stop a hypervisor, UEFI infiltration or pre-OS attack. Again, since the software is restrained to the OS, UEFI or pre-OS is beyond its realm. For that you need a 3rd-party hardware solution, which is way beyond this level of discussion. The best SEP can do in this type of situation is integrity verification: it checks to see if things look OK before it boots your OS, and if things look weird, it stops the OS from loading so it can't be infected or infiltrated. It's not foolproof, but it's the best anyone can provide without being hardware.
*Note: I do not work in any capacity for Symantec or any of its subsidiaries, or its owners. I have no stock in any of the companies involved with Symantec in any way. I just like their software (which if you find on some corpo server, you are getting for free, so they get absolutely squat)
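The following is an added illustration, not code from the post above and not anything shipped by Symantec or SEP. It shows in plain Python what a default-deny, per-program / destination / port / time-of-day allowlist like the one described above actually evaluates, and how you would run a captured connection log against it to confirm that only permitted flows got through. Every program name (`browser.exe`, `updater.exe`, `backup.exe`, `telemetry.exe`), every address (TEST-NET ranges) and the log-line format are constructed for the example.

```python
# Added example (not from the original post or from SEP): a default-deny
# outbound policy checker mirroring the per-program / destination / port /
# time-of-day allowlist described above. All program names, addresses and
# log lines below are constructed for illustration.
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    """One allow rule. Anything not matched by some rule is denied."""
    program: str
    dest_net: str   # CIDR; "0.0.0.0/0" means any IPv4 destination
    port: int
    start: time     # allowed window, inclusive; may wrap past midnight
    end: time


@dataclass(frozen=True)
class Flow:
    """One observed outbound connection attempt."""
    program: str
    dest_ip: str
    port: int
    at: time


def in_window(start: time, end: time, at: time) -> bool:
    """True if `at` falls inside [start, end]; handles windows that cross midnight."""
    if start <= end:
        return start <= at <= end
    return at >= start or at <= end   # e.g. 22:00 -> 06:00


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches only when program, port, destination range and time all agree."""
    return (
        rule.program == flow.program
        and rule.port == flow.port
        and ip_address(flow.dest_ip) in ip_network(rule.dest_net)
        and in_window(rule.start, rule.end, flow.at)
    )


def parse_flow(line: str) -> Flow:
    """Parse a constructed connection-log line: '<HH:MM> <program> <ip>:<port>'."""
    when, program, endpoint = line.split()
    ip, port = endpoint.rsplit(":", 1)
    hh, mm = when.split(":")
    return Flow(program, ip, int(port), time(int(hh), int(mm)))


def evaluate(rules: List[Rule], flows: List[Flow]) -> Tuple[List[Flow], List[Flow]]:
    """Default deny: a flow is allowed only if at least one rule matches it."""
    allowed, denied = [], []
    for flow in flows:
        (allowed if any(rule_matches(r, flow) for r in rules) else denied).append(flow)
    return allowed, denied


# Constructed policy: the browser may reach any host on 443 at any time, the
# (hypothetical) OS updater may reach the update range only in a night window,
# and a backup agent gets a window that crosses midnight.
RULES = [
    Rule("browser.exe", "0.0.0.0/0", 443, time(0, 0), time(23, 59)),
    Rule("updater.exe", "198.51.100.0/24", 443, time(2, 0), time(4, 0)),
    Rule("backup.exe", "203.0.113.0/24", 22, time(22, 0), time(6, 0)),
]

# Constructed log lines (TEST-NET addresses), as you might get from the
# endpoint's own connection log or a MITM capture correlated back to the process.
LOG = """\
03:00 updater.exe 198.51.100.5:443
14:00 updater.exe 198.51.100.5:443
21:00 browser.exe 203.0.113.7:443
21:01 browser.exe 203.0.113.7:80
23:30 backup.exe 203.0.113.9:22
12:00 backup.exe 203.0.113.9:22
09:15 telemetry.exe 203.0.113.20:443
"""


def check_log(log: str = LOG, rules: List[Rule] = RULES) -> Tuple[List[Flow], List[Flow]]:
    """Run every log line through the policy and return (allowed, denied)."""
    flows = [parse_flow(line) for line in log.splitlines() if line.strip()]
    return evaluate(rules, flows)


if __name__ == "__main__":
    allowed, denied = check_log()
    for f in denied:
        print(f"DENY  {f.at:%H:%M} {f.program} -> {f.dest_ip}:{f.port}")
    for f in allowed:
        print(f"ALLOW {f.at:%H:%M} {f.program} -> {f.dest_ip}:{f.port}")
```

Run as written, it denies the updater outside its window, the browser on port 80, the backup agent at noon, and the telemetry process entirely, while passing the three flows the policy actually permits. The midnight-wrapping window is the case most home-grown checks get wrong, which is why `in_window` handles `start > end` explicitly.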